Bug 34535 - base/univention-lib/python/ldap_extension.py # unregister() does not work
base/univention-lib/python/ldap_extension.py # unregister() does not work
Status: NEW
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.2
Other Linux
: P5 normal (vote)
: ---
Assigned To: App Center maintainers
Depends on:
Blocks: 32418
  Show dependency treegraph
Reported: 2014-04-11 18:16 CEST by Philipp Hahn
Modified: 2017-06-28 13:17 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.051
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted after Product Owner Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+

Start fixing UniventionLDAPExtension.unregister() (4.69 KB, patch)
2014-04-11 18:16 CEST, Philipp Hahn
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2014-04-11 18:16:57 CEST
Created attachment 5869 [details]
Start fixing UniventionLDAPExtension.unregister()

<http://docs.univention.de/developer-reference-3.2.html#join:libraries:shell> mentions the environment variable UNIVENTION_APP_IDENTIFIER, which should be set. But it does not describe what it is required for.

1. If explicitly given, the information is --set and not --append in all cases, even though it is a multi-valued attribute in base/univention-lib/python/ldap_extension.py.

2. unregister() does a UDM search for the specified object of type
From it the values of the property "appidentifier" are fetched.
With that a search for "appcenter/app" is performed to check, if apps using that extension are still installed.

This should be described, as not setting an App-ID or setting it wrong might case the extension to be uninstalled (when the tool from Bug #32418 is ready).

3. According to the Schema file, the AppId is stored in the LDAP attribute "univentionAppID" and not in "cn":
 279 »···»···»···»···app_filter = app_filter + "(cn=%s)" % appidentifier

# univention-ldapsearch -LLLb 'cn=Subschema' -s base objectClasses -o ldif-wrap=no -E 'mv=(objectClasses='
dn: cn=Subschema
objectClasses: ( NAME 'univentionApp' DESC 'UCS App Metadata' SUP top STRUCTURAL MUST univentionAppID MAY ( univentionAppName $ univentionAppVersion $ univentionAppDescription $ univentionAppLongDescription $ univentionAppScreenshot $ univentionAppIcon $ univentionAppCategory $ univentionAppVendor $ univentionAppContact $ univentionAppMaintainer $ univentionAppWebsite $ univentionAppWebsiteVendor $ univentionAppWebsiteMaintainer $ univentionAppWebInterface $ univentionAppWebInterfaceName $ univentionAppConflictingApps $ univentionAppConflictingSystemPackages $ univentionAppDefaultPackages $ univentionAppDefaultPackagesMaster $ univentionAppUMCModuleName $ univentionAppUMCModuleFlavor $ univentionAppServerRole $ univentionAppInstalledOnServer ) )
Comment 1 Philipp Hahn univentionstaff 2014-04-11 18:35:52 CEST
4. the documentation is also wrong: it separates the "appID" and "appVersion" with a '-', while the code uses '_'. I'd recommend to update the documentation, as package-names and version-numbers contain '-' themselves, while _ is already in Debian package file names to separate the package name from the version.

# udm appcenter/app list | grep ^DN
DN: univentionAppID=samba4_4.1,cn=samba4,cn=apps,cn=univention,dc=phahn,dc=dev
DN: univentionAppID=mailserver_8,cn=mailserver,cn=apps,cn=univention,dc=phahn,dc=dev
DN: univentionAppID=oxseforucs_7.4.2-6-ucs7,cn=oxseforucs,cn=apps,cn=univention,dc=phahn,dc=dev

join/join.xml:688:                                                              Before calling the shell function the shell variable <envar>UNIVENTION_APP_IDENTIFIER</envar> should be set to the versioned app identifier (and exported to the environment of subprocesses).
join/join.xml:712:export UNIVENTION_APP_IDENTIFIER="appID-appVersion"
ldap/ldap.xml:120:export UNIVENTION_APP_IDENTIFIER="appID-appVersion"
ldap/ldap.xml:220:export UNIVENTION_APP_IDENTIFIER="appID-appVersion"
Comment 2 Dirk Wiesenthal univentionstaff 2017-04-07 11:14:03 CEST
Probably still broken, although I do not know whether this is ever used in our software.

If I recall correctly, there are several sys.exit() in these functions which I consider dangerous for a lib.